I’m about to install F43 on a brand new Lenovo IdeaPad Slim5. I intend to dual-boot with the pre-installed Windoze 11. Lenovo advises disabling secure boot before installation of Fedora. But, that makes me nervous – it sounds like I would be more vulnerable to being hacked.
How bad could it be if I try to install F43 without disabling secure boot? Would there be any advantage to disabling secure boot, installing F43, and then re-enabling secure boot (if that’s even possible)?
Fedora supports installing and running on systems where Secure Boot is enabled; there should be no need to fully disable it.
However, some systems require enabling “Third-party OS” support (called slightly different names by different UEFI vendors) for Secure Boot.
As I understand it, this enables booting systems signed by Microsoft’s “Third Party” certificate, which includes Fedora (and other Linux distributions).
Disabling Secure Boot for the install and enabling it again would likely render the installed OS not able to boot, so I would not … recommend that.
I run F43 and Win11 Pro and had no issues installing Fedora with Secure Boot enabled on a Framework 16 Laptop, as long as Windows is installed first, due to its habit of using its boot loader first, never giving you a chance to select Fedora to boot.
Just keep in mind that (it happened to me once) motherboard BIOS updates will reset settings and might re-enable secure boot, as it is generally the default for motherboards. So if the system refuses to boot after a BIOS update, check if secure boot has been re-enabled. Hope this saves you a few hours of headache.
This actually worked fine on my laptop. The efibootmgr entries created by the installer seem to point to the Secure Boot-compatible “shim” EFI binaries (rather than directly to the GRUB EFI binaries) whether or not Secure Boot was enabled at the time of install.
Not that there is any reason to positively recommend doing this.
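A way to check the observation in the post above about boot entries pointing at shim, as an added example that is not part of the original thread: it classifies each UEFI boot entry by the loader it references. The function names are hypothetical and the `efibootmgr` listing in `SAMPLE` is constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: classify UEFI boot entries by the EFI loader they reference.
# SAMPLE is a constructed efibootmgr-style listing, not output from a real machine.
SAMPLE='BootCurrent: 0001
Timeout: 0 seconds
BootOrder: 0001,0000,0002
Boot0000* Windows Boot Manager HD(1,GPT,11111111-2222-3333-4444-555555555555,0x800,0x82000)/File(\EFI\Microsoft\Boot\bootmgfw.efi)
Boot0001* Fedora HD(1,GPT,11111111-2222-3333-4444-555555555555,0x800,0x82000)/File(\EFI\fedora\shimx64.efi)
Boot0002  Fedora GRUB HD(1,GPT,11111111-2222-3333-4444-555555555555,0x800,0x82000)/File(\EFI\fedora\grubx64.efi)'

# Reads an efibootmgr listing on stdin and prints "NUM KIND PATH" per entry.
# KIND is "shim" (the Microsoft-signed first stage that Secure Boot accepts),
# "grub-direct" (GRUB referenced without shim), or "other".
classify_boot_entries() {
  awk '
    /^Boot[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][* ]/ {
      num = substr($0, 5, 4)
      if (!match($0, /File\([^)]*\)/)) next      # skip entries with no file path
      path = substr($0, RSTART + 5, RLENGTH - 6) # text between "File(" and ")"
      lower = tolower(path)
      if (lower ~ /shim[a-z0-9]*\.efi$/) kind = "shim"
      else if (lower ~ /grub[a-z0-9]*\.efi$/) kind = "grub-direct"
      else kind = "other"
      print num, kind, path
    }'
}

# Prints the KIND of the entry named by BootCurrent (the entry booted this time).
current_entry_kind() {
  local listing cur
  listing=$(cat)
  cur=$(printf '%s\n' "$listing" | sed -n 's/^BootCurrent: *//p')
  # Append "" to force string comparison: IDs such as 1E00 look numeric to awk.
  printf '%s\n' "$listing" | classify_boot_entries |
    awk -v c="$cur" '($1 "") == (c "") { print $2 }'
}

printf '%s\n' "$SAMPLE" | classify_boot_entries
```

On a live system, pipe `efibootmgr` into `classify_boot_entries` instead of `SAMPLE` (older versions need `-v` to print loader paths); `mokutil --sb-state` reports whether Secure Boot is currently enabled.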
Thank you, everybody. I’ll let you know how it goes once I’ve got over the other problem I’m having in installing F43, namely making a recovery drive for the pre-installed Windows 11 installation.
With help from this great forum, I solved the recovery-drive problem and proceeded to install F43, without disabling secure boot.
It went smoothly, except for one surprise and one hiccup.
The surprise came when I resized the existing Windows partition to make room for Fedora. Having no files of my own on Windows (the machine is brand new), I thought leaving 100 GB for Windows would be plenty, but the installer told me it wasn’t enough. So I gave it 150 GB. Seems ridiculous, but I guess that’s Windows for you.
The hiccup came when the installation process reached the stage of activating wifi. I selected my network and clicked the “next” button, and suddenly the screen went black. Hitting alt-F4 (or something – I don’t remember now), I got to a login prompt, but that wasn’t much help, since I had not yet set a username or password.
So, I did a hard reboot and redid the installation, this time skipping the wifi-activation step. After completing the script, I activated wifi.
Everything seems to be working fine now, and I’ve verified that I can still boot to Windows.